CLAIMS:

1. A directory system for providing directory services in a communications network, the
directory system including a plurality of memory segments for storing respective
subsets of directory data for each directory object.

2. A directory system as claimed in claim 1, wherein said plurality of memory segments 
includes a plurality of attribute segments for storing attribute data for directory objects. 

3. A directory system as claimed in claim 2, wherein each of said attribute segments
includes one or more attribute sub-segments for storing attribute data for respective 
object classes. 

4. A directory system as claimed in claim 2, wherein each of said attribute segments
includes one or more attribute sub-segments for storing attribute data for respective
attribute types.

5. A directory system as claimed in claim 2, wherein each of said attribute segments
includes one or more attribute sub-segments, each of said attribute sub-segments
including attribute cells for storing attribute data for attributes of the same attribute
type.

6. A directory system as claimed in claim 1, wherein said attribute segments store 
attribute data for respective portions of a directory information tree (DIT). 

7. A directory system as claimed in claim 2, wherein the attribute data stored in said 
plurality of attribute segments may be grouped according to one or more of object 
class, attribute type, attribute, and portion of a DIT.

8. A directory system as claimed in claim 5, wherein said attribute data includes a
normalized attribute value and a hash value for each attribute value in said attribute 
cells. 

9. A directory system as claimed in claim 8, wherein the directory system is adapted to
generate and store a hash value for each relative distinguished name in said attribute 
cells. 

10. A directory system as claimed in claim 5, wherein said attribute data includes a context
prefix identifier of a corresponding entry, and a relative distinguished name identifier
of said entry.

11. A directory system as claimed in claim 5, wherein said attribute data includes data
indicating whether each of said attributes is associated with one or more other
attributes.

12. A directory system as claimed in claim 5, wherein said attribute data includes data 
indicating whether each of said attributes is a sponsoring attribute for one or more 
other attributes. 

13. A directory system as claimed in claim 2, wherein attributes having the same object 
naming characteristics are stored together. 

14. A directory system as claimed in claim 13, wherein the object naming characteristics of
an attribute correspond to one of distinguished attributes, aliased distinguished names,
and non-naming attributes.

15. A directory system as claimed in claim 2, wherein attributes having the same directory 
information characteristics are stored together. 

16. A directory system as claimed in claim 15, wherein the directory information
characteristics of an attribute correspond to one of collective attributes, compound
attributes, attributes of compound attributes, X.500/LDAP operational attributes, user
operational attributes, sponsoring attributes, and other attributes.

17. A directory system as claimed in claim 1, wherein said plurality of memory segments 
includes a plurality of object segments for storing management data for directory 
objects. 

18. A directory system as claimed in claim 17, wherein said management data includes
security data. 

19. A directory system as claimed in claim 17, wherein said object segments include a first
object segment for storing distinct name binding rules for directory objects, and at least
one second object segment for storing other object data for said directory objects.

20. A directory system as claimed in claim 17, wherein said object segments include a first 
object segment for storing access control data for directory objects, and at least one 
second object segment for storing other object data for said directory objects. 

21. A directory system as claimed in claim 20, wherein the directory system is adapted to 
generate one or more access control identifiers for a user on the basis of access 
configuration information for said user, and to determine said user's access to a 
directory object, on the basis of access control identifiers associated with said object
and said user.

22. A directory system as claimed in claim 21, wherein said one or more access control 
identifiers identify one or more of a specific user, a group of users, and a generic user.

23. A directory system as claimed in claim 21, wherein each access control identifier
includes respective components for accessing a selected DIT, for performing a selected 
directory operation, for accessing a selected attribute group, and for accessing a 
selected attribute type. 

24. A directory system as claimed in claim 21, wherein said access control data includes 
one or more access control identifiers for each directory object, and hierarchical access 
data defining access to a DIT, a directory operation, an attribute group, and an attribute 
type. 

25. A directory system as claimed in claim 17, wherein each of said object segments 
includes one or more object sub-segments, each of said object sub-segments including 
object cells for storing DIT schema data and access control data for controlling access 
to a DIT or a portion of a DIT. 

26. A directory system as claimed in claim 24, wherein said access control data includes 
one or more numeric access control identifiers. 

27. A directory system as claimed in claim 25, wherein the directory system is adapted to
generate access control identifiers on the basis of user configuration data specifying
user access to one or more parts of a DIT and to store said access control identifiers in
object sub-segment cells corresponding to said one or more parts of said DIT.

28. A directory system as claimed in claim 20, wherein the directory system is adapted to
generate a directory operation access control identifier for use in determining whether a
user is granted access to perform a selected directory operation on a selected attribute
type in a selected portion of a DIT, said directory operation access control identifier
identifying said directory operation, said portion of said DIT and said attribute type,
and the directory system is adapted to determine whether said access is granted on the
basis of a comparison of said directory operation access control identifier with one or
more access control identifiers associated with one or more of said portion of said DIT,
said attribute type, and an attribute type group including said attribute type.

29. A directory system as claimed in claim 20, wherein the directory system is adapted to 
generate one or more access control identifiers for a user on the basis of access
configuration information for said user, and a trusted operating system is used to 
determine said user's access to a directory object on the basis of access control 
identifiers associated with said object and said user. 

30. A directory system as claimed in claim 20, wherein the directory system is adapted to
generate one or more access control identifiers for a user on the basis of access 
configuration information for said user, and the directory system includes an attribute 
processor adapted to determine said user's access to a directory object on the basis of 
access control identifiers associated with said object and said user. 

31. A directory system as claimed in claim 1, wherein said plurality of memory segments 
includes a plurality of directory information tree (DIT) segments for storing 
hierarchical structure data for directory objects. 

32. A directory system as claimed in claim 31, wherein each DIT segment includes one or
more DIT sub-segments, each of said DIT sub-segments including DIT cells for storing 
references to non-leaf entries of a directory tree. 

33. A directory system as claimed in claim 31, wherein said DIT sub-segments store 
references to respective portions of a DIT.

34. A directory system as claimed in claim 32, wherein said portions correspond to 
selected portions of a DIT having a flat namespace. 



35. A directory system as claimed in claim 32, wherein two or more DIT sub-segments 
represent portions of a DIT having a flat namespace.

36. A directory system as claimed in claim 31, wherein two or more of said DIT sub-segments
store references to a selected portion of a DIT.

37. A directory system as claimed in claim 31, wherein each of said references includes a
name and a prefix. 

38. A directory system as claimed in claim 36, wherein each of said references includes a 
distinguished name prefix and a hash value for said distinguished name prefix. 

39. A directory system as claimed in claim 27, wherein one or more of said DIT sub- 
segments includes one or more access control identifiers for controlling access to a 
corresponding DIT sub-segment. 

40. A directory system for providing directory services in a communications network, the
directory system including a plurality of directory information tree (DIT) segments for 
storing hierarchical structure data for directory objects, a plurality of object segments 
for storing management data for said directory objects, and a plurality of attribute 
segments for storing attribute data for said directory objects. 

41. A directory system as claimed in claim 40, wherein each of said DIT segments 
identifies one or more object segments having stored therein management data for 
objects of the DIT segment, and one or more attribute segments having stored therein 
attribute data for said objects. 

42. A directory system as claimed in claim 40, wherein said management data includes 
name binding rules and access control data for said directory objects. 



43. A directory system as claimed in claim 1, wherein said plurality of memory segments
includes a plurality of transaction segments for storing transaction data representing
phases of a directory transaction to allow recovery of said directory transaction.

44. A directory system as claimed in claim 43, including a transaction management
component for updating said transaction data during said phases of a directory 
transaction. 

45. A directory system as claimed in claim 44, wherein said transaction management 
component is adapted to recover directory data on the basis of said transaction data. 

46. A directory system as claimed in claim 1, wherein said plurality of memory segments
includes at least one adaptation segment for storing adaptation data representing the
usage of said memory segments.

47. A directory system as claimed in claim 46, wherein said adaptation data represents the 
organisation of directory data stored in said plurality of memory segments. 

48. A directory system as claimed in claim 1, including an adaptation component for 
automatically reconfiguring said memory segments on the basis of usage of said 
memory segments. 

49. A directory system as claimed in claim 48, wherein said reconfiguring includes
segregating one or more portions of said directory data on the basis of access 
frequencies for said one or more portions of said directory data. 

50. A directory system as claimed in claim 48, wherein said reconfiguring includes
segregating one or more portions of said directory data on the basis of the number of
instances of an entity of said directory data in a region of memory.

51. A directory system as claimed in claim 48, wherein said reconfiguring includes
segregating instances of an attribute type from a name space into two or more regions
of memory.



52. A directory system as claimed in claim 48, wherein said reconfiguring includes
segregating instances of an object class into two or more regions of memory. 



53. A directory system as claimed in claim 48, wherein said reconfiguring includes 
segregating one or more portions of said directory data on the basis of access control 
data for said one or more portions of said directory data. 



54. A directory system as claimed in claim 48, wherein said reconfiguring includes 
aggregating directory data for a multi-object entity. 



55. A directory system as claimed in claim 1, wherein the directory system is adapted to 
store selected portions of said directory data in respective regions of memory, and to 
store other portions of said directory data in backing store. 



56. A directory system as claimed in claim 1, including a plurality of modules for
accessing and managing said plurality of memory segments. 



57. A directory system as claimed in claim 56, including a statistical module for generating 
statistical data in relation to directory entries. 



58. A directory system as claimed in claim 56, including a monitoring module for 
monitoring one or more directory entries and for generating notification data in 
response to modification of a monitored directory entry. 



59. A directory system as claimed in claim 56, including a collective attributes module for
segregating collective attributes of entries within a name space. 



60. A directory system as claimed in claim 56, including a validation module for validating 
one or more certificate paths. 




61. A directory system as claimed in claim 56, including a multi-object management
module for processing two or more objects as an entity. 



62. A directory system as claimed in claim 61, wherein said two or more objects include a 
sponsoring object and one or more sponsored objects. 



63. A directory system as claimed in claim 62, wherein said multi-object management 
module is adapted to automatically generate said one or more sponsored objects when a 
sponsoring object is generated. 



64. A directory system as claimed in claim 63, wherein said multi-object module is 
adapted to initialise attributes and access controls of said sponsored objects when a 
sponsoring object is generated. 



65. A directory system as claimed in claim 63, wherein said multi-object module is
adapted to automatically generate one or more objects related to a user object when 
said user object is generated. 



66. A directory system as claimed in claim 65, wherein said user object may represent a 
user, and said one or more objects may represent one or more services for said user.



67. A directory system as claimed in claim 65, wherein said one or more services includes 
a presence service. 



68. A directory system as claimed in claim 56, including a user presence module for
generating user presence data to indicate whether a user is using a directory. 



69. A directory system as claimed in claim 67, wherein said user presence module is 
adapted to generate one or more events in response to a change in said user presence
data.

70. A directory system as claimed in claim 56, including a service authorization module
for determining whether a user is authorised to use one or more services. 



71. A directory system as claimed in claim 70, wherein said service authorization module 
is adapted to perform said determining in response to a directory search.



72. A directory system as claimed in claim 71, wherein said directory search is based on an 
authorisation matching rule, service and device properties, and an authorisation token. 



73. A directory system as claimed in claim 56, including a relational search module for
performing a distributed object relational search in response to a search query 
including relational operators. 

74. A directory system as claimed in claim 56, including one or more messaging modules 
for providing transactional messaging services to users.

75. A directory system as claimed in claim 74, wherein said one or more messaging 
modules are adapted to store message data as one or more objects in a directory. 

76. A directory system as claimed in claim 74, including an address book module for
managing messaging addresses. 



77. A directory system as claimed in claim 74, including one or more messaging gateway 
modules for communicating with remote messaging systems using one or more 
messaging protocols.



78. A directory system as claimed in claim 1, including at least one attribute processor 
adapted to store and process attribute data of a directory. 



79. A directory system as claimed in claim 78, wherein said attribute processor includes an 
application-specific integrated circuit.

80. A directory system for providing directory services in a communications network, the
directory system including one or more messaging modules for providing transactional
messaging services to users.

81. A directory system as claimed in claim 80, wherein said transactional messaging 
services include at least one of email and instant messaging. 

82. A directory system as claimed in claim 80, wherein said one or more messaging 
modules are adapted to store message data as one or more objects in said directory.

83. A directory system as claimed in claim 80, wherein said transactional messaging 
services are adapted to store a user's mail box and address book as objects in a 
directory. 

84. A process for providing directory services in a communications network, including 
monitoring directory data stored in a plurality of memory segments; and redistributing 
at least a portion of said directory data in said plurality of memory segments based on 
said monitoring to improve performance of said directory services. 

85. A process as claimed in claim 84, wherein said monitoring includes at least one of: 
monitoring usage of said directory data, monitoring depth of a portion of a DIT, 
monitoring spread of a portion of a DIT, monitoring the number of instances of entities 
of said directory data, monitoring search times for said directory data, and monitoring
the association of access control data with one or more directory objects.



86. A process as claimed in claim 84, wherein said entities include at least one of 
attributes, object classes, and directory objects.

87. A process as claimed in claim 84, wherein said step of monitoring includes monitoring
associations of access control data with portions of directory data, and said step of 
redistributing includes storing one or more portions of said directory data with one or 
more associated portions of said access control data. 

88. A process as claimed in claim 87, wherein said monitoring includes determining that 
one or more access control identifiers applies to a portion of a DIT, and said 
redistributing includes storing said portion of said DIT with said one or more access 
control identifiers. 

89. A process as claimed in claim 87, wherein said monitoring includes determining that 
one or more access control identifiers applies to instances of an attribute type, and said 
redistributing includes storing said instances of said attribute type with said one or 
more access control identifiers. 

90. A process as claimed in claim 84, including generating at least one new memory 
segment and wherein said step of redistributing includes storing at least a portion of 
said directory data in said at least one new memory segment. 

91. A process as claimed in claim 84, wherein said step of redistributing includes storing
respective portions of said directory data stored in a memory segment in two or more 
memory segments. 

92. A process as claimed in claim 84, wherein said step of redistributing includes selecting
portions of said directory data stored in two or more memory segments and storing the
selected portions into one memory segment.

93. A process as claimed in claim 84, wherein said step of redistributing includes selecting
object class information, access control information, and DIT structure information that
applies to at least one portion of a DIT, storing the selected information in at least one
object segment, and associating the selected information with at least a portion of at
least one DIT segment corresponding to said at least one portion of said DIT.

94. A process as claimed in claim 84, including monitoring usage of remote directory data
and storing at least a portion of said remote directory data in at least one local memory
segment based on said usage to improve performance of said directory services.

95. A process as claimed in claim 84, wherein said redistributing includes redistributing 
directory data from a memory segment into two or more memory segments. 

96. A process as claimed in claim 84, wherein said monitoring includes monitoring the 
number of instances of directory data in a memory segment. 

97. A process as claimed in claim 84, wherein said monitoring includes monitoring search 
times for said directory data.

98. A process as claimed in claim 84, wherein said redistributing includes segregating 
directory data based on access frequencies for said directory data. 

99. A process as claimed in claim 85, wherein said reconfiguring includes aggregating
directory data for a multi-object entity. 

100. A directory system having components for executing the steps of any one of claims 84 
to 99. 

101. A computer readable storage medium having stored thereon program code for 
executing the steps of any one of claims 84 to 99. 



